
Recycling older exploits is cheaper than producing new ones

Bogdan BOTEZATU

September 25, 2008


So today's cyber-criminals mostly recycle older exploits, repack them, and ship them out into the wide world of the web.

Exploit.JS.Agent.F

As the name says, this e-threat is an exploit for a vulnerability in the XMLHTTP ActiveX control within Microsoft XML Core Services. All users that have an unpatched MSXML 4.0 and 6.0 installed are prone to this exploit. Exploitation takes place when the user visits a specially crafted website. Upon execution, Exploit.JS.Agent.F downloads an executable file to the Content.IE5 folder (e.g. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5). It will also launch the application, which is probably another piece of malware and will further compromise the user's machine.

Details: http://www.bitdefender.com/VIRUS-1000399-en–Exploit.JS.Agent.F.html

 

Trojan.Exploit.JS.RealPlr.S

This JavaScript is not an actual exploit, but an exploit hider. What it does is add additional encryption layers to the existing Exploit.SinaDloader.B described in the previous weekly review. It takes three steps to fully decrypt the code: the first is Base-64 encoding, the second is the xxtea encryption algorithm and the third a conversion from UTF-8 to UTF16. The clean content is now served on the affected websites using the document.write JavaScript method.

After this content is executed, the script will basically run Exploit.SinaDloader, which will start serving the 9 exploits in order to compromise vulnerable machines.

Details: http://www.bitdefender.com/VIRUS-1000395-en–Trojan.Exploit.JS.RealPlr.S.html
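The layering described above leaves traces a static scan can pick up before anything is executed: a long Base64 literal that decodes to ciphertext-like bytes, the XXTEA constant, and a document.write sink. The Python triage below is an added example, not BitDefender's detection logic; the thresholds, names and both sample strings are assumptions constructed for illustration.

```python
import base64
import math
import re
from collections import Counter

# XXTEA's delta constant as it tends to appear in script source. TEA and XTEA
# use the same constant, so a hit is a hint, not proof of XXTEA.
XXTEA_DELTA = re.compile(r"0x9e3779b9|0x61c88647|\b2654435769\b|\b1640531527\b", re.I)
WRITE_SINK = re.compile(r"document\s*\.\s*write(?:ln)?\s*\(")
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{88,}={0,2})["']""")

def normalized_entropy(data: bytes) -> float:
    """Shannon entropy divided by the maximum possible for this length (0..1)."""
    counts = Counter(data)
    bits = -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())
    return bits / math.log2(min(len(data), 256))

def opaque_blobs(script: str) -> list:
    """Base64 string literals whose decoded bytes look like ciphertext."""
    blobs = []
    for match in B64_LITERAL.finditer(script):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
        except ValueError:  # bad padding or alphabet: not real Base64
            continue
        # XXTEA operates on 32-bit words, so ciphertext length is a multiple of 4.
        if len(raw) % 4 == 0 and normalized_entropy(raw) > 0.85:
            blobs.append(raw)
    return blobs

def triage(script: str) -> dict:
    """Report which of the three layering indicators a script contains."""
    report = {
        "xxtea_delta": bool(XXTEA_DELTA.search(script)),
        "write_sink": bool(WRITE_SINK.search(script)),
        "opaque_base64": len(opaque_blobs(script)),
    }
    report["suspicious"] = all(report.values())
    return report

# Constructed inputs (not taken from any real sample).
_FAKE_CIPHERTEXT = base64.b64encode(bytes((i * 73 + 41) % 256 for i in range(96))).decode()
PACKED_LIKE = f'var delta=0x9E3779B9; var p="{_FAKE_CIPHERTEXT}"; document.write(unpack(p));'
BENIGN = 'document.write("<p>hi</p>"); var note="' + base64.b64encode(b"hello world " * 8).decode() + '";'

if __name__ == "__main__":
    for name, sample in (("packed-like", PACKED_LIKE), ("benign", BENIGN)):
        print(name, triage(sample))
```

A script is flagged only when all three indicators are present, since each one on its own is common in legitimate pages.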

Trojan.Downloader.Wimad.D

We all remember Trojan.Downloader.WMA.Wimad.N, don't we? Yes, it was part of our very first review published on the BitDefender forum. Well, a new version of this exploit has shown up.

It's called Trojan.Downloader.Wimad.D and brings some interesting new features. Unlike its predecessor Wimad.N, the media files that try to exploit this Windows Media Player flaw have actual playable content.

A browser window will pop up only at the end of playback, pointing users at http://www.[hidden]sx.com. It resides for about 3 seconds on this website, allowing the victims to get the "new version" of the media file they just viewed. After this fixed amount of time has passed, they will be redirected to an adult-rated website.

This e-threat is not able to spread by itself and relies on websites or file sharing applications to do so. It has adware-like behavior.

Details: http://www.bitdefender.com/VIRUS-1000400-en–Trojan.Downloader.Wimad.D.html

 

Information in this article is available courtesy of BitDefender virus researchers:

Daniel Chipiristeanu

Dana Stanut

Adrian Stefan Popescu
